Source-Changes-HG archive


[src/trunk]: src/external/bsd/bind/dist merge bind-9.10.4-P5



details:   https://anonhg.NetBSD.org/src/rev/bd7efdadf100
branches:  trunk
changeset: 350467:bd7efdadf100
user:      spz <spz%NetBSD.org@localhost>
date:      Thu Jan 12 08:21:32 2017 +0000

description:
merge bind-9.10.4-P5

diffstat:

 external/bsd/bind/dist/CHANGES                                            |  24 ++
 external/bsd/bind/dist/README                                             |   5 +
 external/bsd/bind/dist/bin/named/pfilter.c                                |  47 ----
 external/bsd/bind/dist/bin/named/pfilter.h                                |   2 -
 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls             |  12 -
 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer         |  12 -
 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls     |  12 -
 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer |  12 -
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html                           |   2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html                           |   2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html                           |   2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html                           |   2 +-
 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html                           |  26 ++-
 external/bsd/bind/dist/doc/arm/Bv9ARM.html                                |   6 +-
 external/bsd/bind/dist/doc/arm/man.arpaname.html                          |   2 +-
 external/bsd/bind/dist/doc/arm/man.ddns-confgen.html                      |   2 +-
 external/bsd/bind/dist/doc/arm/man.delv.html                              |   2 +-
 external/bsd/bind/dist/doc/arm/man.dig.html                               |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-checkds.html                    |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-coverage.html                   |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-dsfromkey.html                  |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-importkey.html                  |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-keyfromlabel.html               |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-keygen.html                     |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-revoke.html                     |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-settime.html                    |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-signzone.html                   |   2 +-
 external/bsd/bind/dist/doc/arm/man.dnssec-verify.html                     |   2 +-
 external/bsd/bind/dist/doc/arm/man.genrandom.html                         |   2 +-
 external/bsd/bind/dist/doc/arm/man.host.html                              |   2 +-
 external/bsd/bind/dist/doc/arm/man.isc-hmac-fixup.html                    |   2 +-
 external/bsd/bind/dist/doc/arm/man.named-checkconf.html                   |   2 +-
 external/bsd/bind/dist/doc/arm/man.named-checkzone.html                   |   2 +-
 external/bsd/bind/dist/doc/arm/man.named-journalprint.html                |   2 +-
 external/bsd/bind/dist/doc/arm/man.named-rrchecker.html                   |   2 +-
 external/bsd/bind/dist/doc/arm/man.named.html                             |   2 +-
 external/bsd/bind/dist/doc/arm/man.nsec3hash.html                         |   2 +-
 external/bsd/bind/dist/doc/arm/man.nsupdate.html                          |   2 +-
 external/bsd/bind/dist/doc/arm/man.rndc-confgen.html                      |   2 +-
 external/bsd/bind/dist/doc/arm/man.rndc.conf.html                         |   2 +-
 external/bsd/bind/dist/doc/arm/man.rndc.html                              |   2 +-
 external/bsd/bind/dist/lib/dns/api                                        |   2 +-
 external/bsd/bind/dist/lib/dns/message.c                                  |  78 +++++++-
 external/bsd/bind/dist/lib/dns/resolver.c                                 |  97 ++++++---
 external/bsd/bind/dist/lib/isc/unix/socket.c                              |   5 +-
 external/bsd/bind/dist/lib/isc/win32/socket.c                             |  13 +-
 external/bsd/bind/dist/srcid                                              |   2 +-
 external/bsd/bind/dist/version                                            |   2 +-
 48 files changed, 236 insertions(+), 183 deletions(-)

diffs (truncated from 1004 to 300 lines):

diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/CHANGES
--- a/external/bsd/bind/dist/CHANGES    Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/CHANGES    Thu Jan 12 08:21:32 2017 +0000
@@ -1,3 +1,27 @@
+       --- 9.10.4-P5 released ---
+
+4530.  [bug]           Change 4489 broke the handling of CNAME -> DNAME
+                       in responses resulting in SERVFAIL being returned.
+                       [RT #43779]
+
+4528.  [bug]           Only set the flag bits for the i/o we are waiting
+                       for on EPOLLERR or EPOLLHUP. [RT #43617]
+
+4519.  [port]          win32: handle ERROR_MORE_DATA. [RT #43534]
+
+4517.  [security]      Named could mishandle authority sections that were
+                       missing RRSIGs triggering an assertion failure.
+                       (CVE-2016-9444) [RT # 43632]
+
+4510.  [security]      Named mishandled some responses where covering RRSIG
+                       records are returned without the requested data
+                       resulting in a assertion failure. (CVE-2016-9147)
+                       [RT #43548]
+
+4508.  [security]      Named incorrectly tried to cache TKEY records which
+                       could trigger a assertion failure when there was
+                       a class mismatch. (CVE-2016-9131) [RT #43522]
+
        --- 9.10.4-P4 released ---
 
 4489.  [security]      It was possible to trigger assertions when processing
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/README
--- a/external/bsd/bind/dist/README     Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/README     Thu Jan 12 08:21:32 2017 +0000
@@ -51,6 +51,11 @@
        For up-to-date release notes and errata, see
        http://www.isc.org/software/bind9/releasenotes
 
+BIND 9.10.4-P5
+
+       This version contains fixes for CVE-2016-9131, CVE-2016-9147,
+       CVE-2016-9444 and CVE-2016-9778.
+
 BIND 9.10.4-P4
 
        This version contains a fix for CVE-2016-8864.
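Review bot: The added README paragraph names four CVEs, including CVE-2016-9778, but the CHANGES entries added in this changeset (4508, 4510, 4517) and the release-notes text in Bv9ARM.ch09.html only cover CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444. The diff shown here is truncated, so the code may be in the part not displayed; please confirm whether a CVE-2016-9778 fix is really part of this import and list the fixed CVEs in the commit description, so that downstream advisories track the right set.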
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/bin/named/pfilter.c
--- a/external/bsd/bind/dist/bin/named/pfilter.c        Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-#include <config.h>
-
-#include <isc/platform.h>
-#include <isc/util.h>
-#include <named/types.h>
-#include <named/client.h>
-
-#include <blacklist.h>
-
-#include "pfilter.h"
-
-static struct blacklist *blstate;
-
-void
-pfilter_open(void)
-{
-       if (blstate == NULL)
-               blstate = blacklist_open();
-}
-
-#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
-
-void
-pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
-{
-       isc_socket_t *socket;
-
-       pfilter_open();
-
-       if (TCP_CLIENT(client))
-               socket = client->tcpsocket;
-       else {
-               socket = client->udpsocket;
-               if (!client->peeraddr_valid)
-                       return;
-       }
-
-       if (socket == NULL)
-               return;
-
-       if (blstate == NULL)
-               return;
-
-       blacklist_sa_r(blstate, 
-           res != ISC_R_SUCCESS, isc_socket_getfd(socket),
-           &client->peeraddr.type.sa, client->peeraddr.length, msg);
-}
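Review bot: Deleting pfilter.c (and pfilter.h in the next hunk) removes pfilter_open() and pfilter_notify(), which reports client results through blacklist_sa_r(), but the diffstat lists no change to any caller and the description only says "merge bind-9.10.4-P5". Please confirm that the hook is still provided from another location so named keeps feeding the blacklist state, and state the reason for the deletion in the commit description, since a security-relevant notification path silently disappearing in a vendor merge is easy to miss.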
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/bin/named/pfilter.h
--- a/external/bsd/bind/dist/bin/named/pfilter.h        Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-void pfilter_open(void);
-void pfilter_notify(isc_result_t, ns_client_t *, const char *);
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-ls     Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-#      Shell script to start the zkt-ls command
-#      out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
-       echo Please start this skript out of the flat or hierarchical sub directory
-       exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-ls "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/flat/zkt-signer Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-#      Shell script to start the zkt-signer
-#      command out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
-       echo Please start this skript out of the flat or hierarchical sub directory
-       exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-signer "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-ls     Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-#      Shell script to start the zkt-ls command
-#      out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
-       echo Please start this skript out of the flat or hierarchical sub directory
-       exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-ls "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer
--- a/external/bsd/bind/dist/contrib/zkt-1.1.2/examples/hierarchical/zkt-signer Thu Jan 12 07:28:27 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-#      Shell script to start the zkt-signer
-#      command out of the example directory
-#
-
-if test ! -f dnssec.conf
-then
-       echo Please start this skript out of the flat or hierarchical sub directory
-       exit 1
-fi
-ZKT_CONFFILE=`pwd`/dnssec.conf ../../zkt-signer "$@"
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html   Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch04.html   Thu Jan 12 08:21:32 2017 +0000
@@ -2326,6 +2326,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
 </body>
 </html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html   Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch06.html   Thu Jan 12 08:21:32 2017 +0000
@@ -12845,6 +12845,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
 </body>
 </html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html   Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch07.html   Thu Jan 12 08:21:32 2017 +0000
@@ -248,6 +248,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
 </body>
 </html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html   Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch08.html   Thu Jan 12 08:21:32 2017 +0000
@@ -134,6 +134,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
 </body>
 </html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html   Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.ch09.html   Thu Jan 12 08:21:32 2017 +0000
@@ -44,7 +44,7 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P4</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.10.4-P5</h2></div></div></div>
 <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
@@ -68,6 +68,10 @@
       This document summarizes changes since BIND 9.10.4:
     </p>
 <p>
+      BIND 9.10.4-P5 addresses the security issues described in
+      CVE-2016-9131, CVE-2016-9147 and CVE-2016-9444.
+    </p>
+<p>
       BIND 9.10.4-P4 addresses the security issue described in
       CVE-2016-8864.
     </p>
@@ -103,6 +107,22 @@
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem"><p>
+         Named could mishandle authority sections that were missing
+         RRSIGs triggering an assertion failure.  This flaw is
+         disclosed in CVE-2016-9444. [RT # 43632]
+       </p></li>
+<li class="listitem"><p>
+         Named mishandled some responses where covering RRSIG
+         records are returned without the requested data
+         resulting in a assertion failure. This flaw is disclosed in
+         CVE-2016-9147. [RT #43548]
+       </p></li>
+<li class="listitem"><p>
+         Named incorrectly tried to cache TKEY records which could
+         trigger a assertion failure when there was a class mismatch.
+         This flaw is disclosed in CVE-2016-9131.  [RT #43522]
+       </p></li>
+<li class="listitem"><p>
          It was possible to trigger assertions when processing
          a response. This flaw is disclosed in CVE-2016-8864. [RT #43465]
        </p></li>
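Review bot: In the added Security Fixes items, the first reference is written "[RT # 43632]" with a stray space while the other two use the "[RT #43548]" form, and two items read "a assertion failure". If this file must stay identical to the vendor release, leave it and report the wording upstream; otherwise use "[RT #43632]" and "an assertion failure", and apply the same correction to the matching CHANGES entries.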
@@ -198,6 +218,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>
+<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P5</p>
 </body>
 </html>
diff -r 2e6e5193317b -r bd7efdadf100 external/bsd/bind/dist/doc/arm/Bv9ARM.html
--- a/external/bsd/bind/dist/doc/arm/Bv9ARM.html        Thu Jan 12 07:28:27 2017 +0000
+++ b/external/bsd/bind/dist/doc/arm/Bv9ARM.html        Thu Jan 12 08:21:32 2017 +0000
@@ -40,7 +40,7 @@
 <div>
 <div><h1 class="title">
 <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.10.4-P4</p></div>
+<div><p class="releaseinfo">BIND Version 9.10.4-P5</p></div>
 <div><p class="copyright">Copyright © 2004-2015 Internet Systems Consortium, Inc. ("ISC")</p></div>
 <div><p class="copyright">Copyright © 2000-2003 Internet Software Consortium.</p></div>
 </div>
@@ -239,7 +239,7 @@
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P4</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.10.4-P5</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -385,6 +385,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook"; style="text-align: center;">BIND 9.10.4-P4</p>


